Prototype
    PCHAR channel_get_type(Channel *channel);
Arguments
    channel: The channel instance to get the type of.
Returns
    The channel's arbitrary type.
Summary
    This function returns the channel type string that is associated with the supplied channel object instance. The channel type does not come from a predefined set of types.

B.1.4 channel_is_interactive
Prototype
    BOOL channel_is_interactive(Channel *channel);
Arguments
    channel: The channel instance to operate on.
Returns
    TRUE if the channel is currently in an interactive state. Otherwise, FALSE is returned.
Summary
    This function returns the boolean state associated with whether or not the supplied channel is currently interactive.

B.1.5 channel_open
Prototype
    DWORD channel_open(Remote *remote, Tlv *addend,
        DWORD addendLength,
        ChannelCompletionRoutine *completionRoutine);
Arguments
    remote: The remote connection management object that is used for the transmission of packets.
    addend: An array of TLV addends to be included in the core_channel_open request. This parameter is optional and should be NULL if there are no addends.
    addendLength: The number of elements in the array supplied in addend. This parameter is optional and should be 0 if there are no addends.
    completionRoutine: The routine that should be called when the operation has been completed either successfully or unsuccessfully.
Returns
    On success, zero is returned. Otherwise, a non-zero value is returned to indicate the type of error that occurred.
Summary
    This function opens a channel between the client and the server.

B.1.6 channel_read
Prototype
    DWORD channel_read(Channel *channel, Remote *remote,
        Tlv *addend, DWORD addendLength, ULONG length,
        ChannelCompletionRoutine *completionRoutine);
Arguments
    channel: The channel instance that is to be read from.
    remote: The remote connection management object that is used for the transmission of packets.
    addend: An array of TLV addends to be included in the core_channel_read request. This parameter is optional and should be NULL if there are no addends.
    addendLength: The number of elements in the array supplied in addend. This parameter is optional and should be 0 if there are no addends.
    length: Specifies the amount of data that should be read from the remote side of the channel.
    completionRoutine: The routine that should be called when the operation has been completed either successfully or unsuccessfully.
Returns
    On success, zero is returned. Otherwise, a non-zero value is returned to indicate the type of error that occurred.
Summary
    This function reads data from the remote half of the channel and calls the supplied completion handler once the read operation has completed.

B.1.7 channel_write
Prototype
    DWORD channel_write(Channel *channel, Remote *remote,
        Tlv *addend, DWORD addendLength, PUCHAR buffer,
        ULONG length,
        ChannelCompletionRoutine *completionRoutine);
Arguments
    channel: The channel instance that is to be written to.
    remote: The remote connection management object that is used for the transmission of packets.
    addend: An array of TLV addends to be included in the core_channel_write request. This parameter is optional and should be NULL if there are no addends.
    addendLength: The number of elements in the array supplied in addend. This parameter is optional and should be 0 if there are no addends.
    buffer: Specifies the actual data that should be written to the remote side of the channel.
    length: Specifies the amount of data that should be written to the remote side of the channel.
    completionRoutine: The routine that should be called when the operation has been completed either successfully or unsuccessfully.
Returns
    On success, zero is returned. Otherwise, a non-zero value is returned to indicate the type of error that occurred.
Summary
    This function writes data to the remote half of the channel and calls the supplied completion handler once the write operation has completed.

B.1.8 channel_close
Prototype
    DWORD channel_close(Channel *channel, Remote *remote,
        Tlv *addend, DWORD addendLength,
        ChannelCompletionRoutine *completionRoutine);
Arguments
    channel: The channel instance that is to be closed.
    remote: The remote connection management object that is used for the transmission of packets.
    addend: An array of TLV addends to be included in the core_channel_close request. This parameter is optional and should be NULL if there are no addends.
    addendLength: The number of elements in the array supplied in addend. This parameter is optional and should be 0 if there are no addends.
    completionRoutine: The routine that should be called when the operation has been completed either successfully or unsuccessfully.
Returns
    On success, zero is returned. Otherwise, a non-zero value is returned to indicate the type of error that occurred.
Summary
    This function instructs the remote half of the channel to close. Once the remote half responds with whether or not the channel has been closed, the local half will deallocate resources associated with the channel.

B.1.9 channel_interact
Prototype
    DWORD channel_interact(Channel *channel, Remote *remote,
        Tlv *addend, DWORD addendLength, BOOL enable,
        ChannelCompletionRoutine *completionRoutine);
Arguments
    channel: The channel instance that is to be closed.
    remote: The remote connection management object that is used for the transmission of packets.
    addend: An array of TLV addends to be included in the core_channel_close request. This parameter is optional and should be NULL if there are no addends.
    addendLength: The number of elements in the array supplied in addend. This parameter is optional and should be 0 if there are no addends.
    enable: Specifies whether or not interactivity should be enabled on the channel.
    completionRoutine: The routine that should be called when the operation has been completed either successfully or unsuccessfully.
Returns
    On success, zero is returned. Otherwise, a non-zero value is returned to indicate the type of error that occurred.
Summary
    This function instructs the remote half of the channel to send output and receive input in an event driven fashion if the enable parameter is set to TRUE. Otherwise, internal buffering is used for input and output.

B.2 Command Registration
The command registration subsystem allows both server and client extensions to register callbacks that are to be associated with inbound request and response packets for a given method. While the prototypes are documented in C, equivalents do exist for the majority of the methods described below in the form of the Pex::Meterpreter::Base class.

B.2.1 command_register
Prototype
    typedef struct
    {
        DISPATCH_ROUTINE handler;
        TlvMetaType      argumentTypes[MAX_CHECKED_ARGUMENTS];
        DWORD            numArgumentTypes;
    } PacketDispatcher;
    typedef struct command
    {
        LPCSTR           method;
        PacketDispatcher request;
        PacketDispatcher response;
    } Command;
    DWORD command_register(Command *command);
Arguments
    command: The command handler that is to be registered.
Returns
    On success, zero is returned. Otherwise, a non-zero value is returned to indicate the type of error that occurred.
Summary
    This function registers a command handler for the request and response packets that have their method set to the command parameter's method attribute. When a packet arrives with a matching method it is dispatched to the provided handler for processing by the extension that registered it. This is the primary means by which server extensions expose functionality to meterpreter clients.

B.2.2 command_deregister
Prototype
    typedef struct
    {
        DISPATCH_ROUTINE handler;
        TlvMetaType      argumentTypes[MAX_CHECKED_ARGUMENTS];
        DWORD            numArgumentTypes;
    } PacketDispatcher;
    typedef struct command
    {
        LPCSTR           method;
        PacketDispatcher request;
        PacketDispatcher response;
    } Command;
    DWORD command_deregister(Command *command);
Arguments
    command: The command handler that is to be deregistered.
Returns
    On success, zero is returned. Otherwise, a non-zero value is returned to indicate the type of error that occurred.
Summary
    This function deregisters a command handler that was previously registered with the command_register function.
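
The dispatch-by-method behaviour described in B.2, as a stand-alone C model. This is an added example, not code from the Meterpreter source: the types are simplified stand-ins, and the model_* function names, the handler signature, the table size, the specific error values and the use of argumentTypes to check a packet before it reaches the handler are all assumptions.

```c
/* Added model, not Meterpreter source: stand-in types, assumed handler signature and checks. */
#include <string.h>
typedef unsigned long DWORD;
typedef int TlvMetaType;                      /* stand-in for the real meta-type enum */
typedef DWORD (*DISPATCH_ROUTINE)(const TlvMetaType *args, DWORD nargs); /* assumed */
#define MAX_CHECKED_ARGUMENTS 16              /* assumed value */
#define MAX_COMMANDS 8                        /* limit of this model only */
typedef struct {
    DISPATCH_ROUTINE handler;
    TlvMetaType argumentTypes[MAX_CHECKED_ARGUMENTS];
    DWORD numArgumentTypes;
} PacketDispatcher;
typedef struct command { const char *method; PacketDispatcher request, response; } Command;
static Command *table[MAX_COMMANDS];          /* registered handlers, keyed by method */

static int find_slot(const char *method) {
    for (int i = 0; i < MAX_COMMANDS; i++)
        if (table[i] && strcmp(table[i]->method, method) == 0) return i;
    return -1;
}
DWORD model_register(Command *c) {            /* zero on success, non-zero on error */
    if (!c || !c->method || find_slot(c->method) >= 0) return 1;
    for (int i = 0; i < MAX_COMMANDS; i++)
        if (!table[i]) { table[i] = c; return 0; }
    return 2;                                 /* table full */
}
DWORD model_deregister(Command *c) {
    int i = (c && c->method) ? find_slot(c->method) : -1;
    if (i >= 0) table[i] = NULL;
    return i < 0;                             /* 1 if it was never registered */
}
/* Route a packet by method and direction; refuse it if the leading argument types differ. */
DWORD model_dispatch(const char *method, int is_response, const TlvMetaType *args, DWORD nargs) {
    int i = find_slot(method);
    if (i < 0) return 1;                      /* no extension registered this method */
    PacketDispatcher *d = is_response ? &table[i]->response : &table[i]->request;
    if (!d->handler || nargs < d->numArgumentTypes) return 2;
    for (DWORD k = 0; k < d->numArgumentTypes; k++)
        if (args[k] != d->argumentTypes[k]) return 3;
    return d->handler(args, nargs);
}
/* Constructed sample: a request handler that expects meta-types {1, 2}; no response handler. */
static DWORD demo_handler(const TlvMetaType *a, DWORD n) { (void)a; (void)n; return 0; }
static Command demo = { "demo_method", { demo_handler, {1, 2}, 2 }, { NULL, {0}, 0 } };
static const TlvMetaType good_args[] = {1, 2}, bad_args[] = {2, 1};
int main(void) {                              /* exit status 0 when every step behaves */
    return !(model_register(&demo) == 0 && model_dispatch("demo_method", 0, good_args, 2) == 0
             && model_dispatch("demo_method", 0, bad_args, 2) == 3);
}
```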

B.3 Packet Management
The packet management subsystem allows for manipulating and transmitting meterpreter packets. The following functions are exported for use by both the client and the server. While the prototypes are documented in C, equivalents do exist for the majority of the methods described below in the form of the Pex::Meterpreter::Packet class.

B.3.1 packet_create